Hi all, now I have a Webservice running on JBoss 4.2.2.GA (all) with "X509 Certificate Token"-Security. The serice endpoint is implemented by an ejb3 sessionbean. This works fine and a request/response is now signed and encrypted. Now, I would like to add authentication, so that a special user (and role) will be associated to the call. I know the CertificatePrincipal-Wiki-entry, but I don't know, how I should adopt this for a ejb-endpoint. Could you give me a hint, how I can authenticate and authorize with a security domain from a given x509 certificate? Thank you, Carsten View the original post : http://www.jboss.com/index.html?module=bb&op=viewtopic&p=4141824#... Reply to the post : http://www.jboss.com/index.html?module=bb&op=posting&mode=reply&a...